Skip to main content
CVE-2020-9361 MEDIUM POC This Month

CryptoPro CSP through 5.0.0.10004 on 64-bit platforms allows local users with the SeChangeNotifyPrivilege right to cause denial of service because user-mode input is mishandled during process. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Csp
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2020-15002 MEDIUM POC This Month

OX App Suite through 7.10.3 allows SSRF via the the /ajax/messaging/message message API. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Open Xchange Appsuite
NVD
CVSS 3.1
5.0
EPSS
1.6%
CVE-2020-15004 MEDIUM POC This Month

OX App Suite through 7.10.3 allows stats/diagnostic?param= XSS. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Open Xchange Appsuite
NVD
CVSS 3.1
4.8
EPSS
2.8%
CVE-2020-24847 MEDIUM POC This Month

A Cross-Site Request Forgery (CSRF) vulnerability is identified in FruityWifi through 2.4. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF PHP Fruitywifi
NVD GitHub
CVSS 3.1
4.3
EPSS
0.4%
CVE-2020-15003 MEDIUM POC This Month

OX App Suite through 7.10.3 allows Information Exposure because a user can obtain the IP address and User-Agent string of a different user (via the session API during shared Drive access). Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Open Xchange Appsuite
NVD
CVSS 3.1
4.3
EPSS
0.8%
CVE-2020-3998 MEDIUM PATCH This Month

VMware Horizon Client for Windows (5.x prior to 5.5.0) contains an information disclosure vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Microsoft VMware Horizon Client
NVD
CVSS 3.1
6.5
EPSS
1.3%
CVE-2020-27388 MEDIUM PATCH This Month

Multiple Stored Cross Site Scripting (XSS) vulnerabilities exist in the YOURLS Admin Panel, Versions 1.5 - 1.7.10. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS PHP Yourls
NVD GitHub VulDB
CVSS 3.1
5.4
EPSS
0.8%
CVE-2020-3997 MEDIUM PATCH This Month

VMware Horizon Server (7.x prior to 7.10.3 or 7.13.0) contains a Cross Site Scripting (XSS) vulnerability. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS VMware Horizon
NVD
CVSS 3.1
5.4
EPSS
0.7%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy